Similar presentations:
Virus - worms
1.
PresentationOn this topic
"Virus - worms"
Completed by: Yastrebtsev S.S
Group: KS9520
2.
DescriptionA network worm is a type of
malicious program that
independently spreads through local
and global computer networks. A
distinctive feature is the ability to
reproduce (self-replication). In
addition, viruses can perform other
arbitrary actions without the user's
knowledge, including those that
harm the user or computer.
3.
Distribution MechanismsExploitation of vulnerabilities and administrative errors in software
installed on a computer. For example, the Conficker malware used a
vulnerability in the Windows operating system to spread itself; The
Morris worm guessed the password using a dictionary. Such worms
are capable of spreading autonomously, selecting and attacking
computers in a fully automatic mode.
Using the means of so-called social engineering, the user is provoked
to launch a malicious program. To convince the user that a file is
safe, flaws in the program's user interface can be used - for example,
the VBS.LoveLetter worm took advantage of the fact that Outlook
Express hides file extensions. This method is widely used in spam
mailings, social networks, etc.
4.
Spread speedThe speed at which a network worm spreads
depends on many factors. Provided that each
instance of the worm reliably knows the address of a
previously uninfected network node, exponential
reproduction is possible. For example, if each
instance infects one computer per second, the entire
address space will be filled by the worm in half a
minute. However, the vast majority of worms use
much less efficient algorithms.
Instances of a typical worm search for vulnerable
network nodes using trial and error - randomly. With
such an outcome, the speed of its spread is quite low
- the worm constantly “bumps” into previously
infected nodes. The reproduction curves for worms
using mail protocols look approximately the same, but
their overall rate of spread is lower. The duration of
“mail” epidemics can reach several months.
5.
Methods of protectionBecause network worms use vulnerabilities in thirdparty software or operating systems to penetrate a
user's system, using signature-based anti-virus
monitors is not enough to protect against worms.
Also, when using social engineering methods, the
user is forced under a plausible pretext to launch a
malicious program, even despite a warning from the
antivirus software. Thus, to provide comprehensive
protection against modern worms and any other
malware, it is necessary to use proactive protection.
6.
PayloadOften, worms, even without any
payload, overload and temporarily
disable networks simply due to their
intensive spread. A typical meaningful
payload may consist of corrupting files
on the victim computer (including
changing web pages, the so-called
“deface”), or from infected computers it
is possible to organize a botnet to carry
out network attacks, send spam, or
(more recently) cryptocurrency mining.
7.
ConclusionNetwork worms can be very
dangerous if they are not
removed promptly.
Theoretically, viruses of this
type can infect any computer
connected to the network.
Capable of reproducing in a
very short time.